Bug 19054 - XSS Flaws in Report - Top Most-circulated items
author Amit Gupta <amit.gupta@informaticsglobal.com>
Mon, 7 Aug 2017 17:04:05 +0000 (22:34 +0530)
committer Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Tue, 29 Aug 2017 15:00:37 +0000 (12:00 -0300)
commit 1a7040b7b0596a25a988568f0da0b47dd12c9f28
tree ec72269f296be1e954f6df05eee06b87e80866c9
parent ee3bfd5d69f8f649c74e58385b8180faade875d0
Bug 19054 - XSS Flaws in Report - Top Most-circulated items

1. Hit /cgi-bin/koha/reports/cat_issues_top.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in the Callnumber, Day, Month, and Year search boxes.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload the page, and enter the iframe again in the Callnumber, Day, Month, and Year search boxes.
6. Notice it is no longer executed.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
koha-tmpl/intranet-tmpl/prog/en/modules/reports/cat_issues_top.tt
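The page above carries the test plan but not the diff itself, so the following is an added illustration of the bug class the plan exercises, not Koha code and not this patch: a report page that reflects submitted filter values straight into its HTML (vulnerable), beside the same page with HTML output encoding applied at render time (hardened). It is written in Python so it runs stand-alone; the field names Callnumber, Day, Month and Year and the payload are taken from the test plan, while the query string, the list markup and the helper names are constructed for this example. In a Template Toolkit file such as cat_issues_top.tt, the equivalent protection is Template Toolkit's `html` filter on each reflected variable; whether that is exactly what this commit did is not shown here.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlencode

# Constructed request mirroring the test plan: the iframe payload is submitted in
# each of the four report filters. Not captured from a real Koha instance.
PAYLOAD = '<IFRAME SRC="javascript:alert(\'XSS\');"></IFRAME>'
FIELDS = ("Callnumber", "Day", "Month", "Year")
QUERY_STRING = urlencode({field: PAYLOAD for field in FIELDS})


def submitted_filters(query_string):
    """Parse the GET parameters the way a CGI script would see them."""
    params = parse_qs(query_string)
    return {field: params.get(field, [""])[0] for field in FIELDS}


def render_unescaped(filters):
    """Vulnerable rendering: each filter value is reflected verbatim into the page,
    so markup in the value becomes live markup in the browser."""
    rows = [f"<li>{name}: {value}</li>" for name, value in filters.items()]
    return "<ul>\n" + "\n".join(rows) + "\n</ul>"


def render_escaped(filters):
    """Hardened rendering: HTML-encode at output time. quote=True also encodes
    quotes, so the same helper is safe inside attribute values."""
    rows = [
        f"<li>{name}: {html.escape(value, quote=True)}</li>"
        for name, value in filters.items()
    ]
    return "<ul>\n" + "\n".join(rows) + "\n</ul>"


class TagCollector(HTMLParser):
    """Records every start tag the parser recognises, roughly as a browser would."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)  # HTMLParser lowercases tag names


def rendered_tags(markup):
    """Return the list of element names a parser builds from the markup."""
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags


def iframe_count(markup):
    """Number of real <iframe> elements the browser would create from the page."""
    return rendered_tags(markup).count("iframe")


if __name__ == "__main__":
    filters = submitted_filters(QUERY_STRING)
    print("unescaped iframes:", iframe_count(render_unescaped(filters)))  # 4
    print("escaped iframes:  ", iframe_count(render_escaped(filters)))    # 0
    print(render_escaped(filters))
```

The check deliberately parses the rendered output rather than grepping for the payload string: the escaped page still contains the text `IFRAME`, but as character data, and the parser confirms that no element is created from it. Encoding at the point of output is what matters; filtering the input on the way in would leave every other sink that echoes the same parameter unprotected.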